Hi etotheipi,
the first thing i thought of was reasons for revocation - from RFC 3280 Certificate and Certificate Revocation List (CRL) Profile
unspecified (0)
keyCompromise (1)
Whomever has compromised your key is going to steal your revocation funds!
CACompromise (2)
catastrophic system fail; would allow any end-entity certs to move the funds to another cert. just the tx fee charge.
affiliationChanged (3)
what new/old employees had access to the key material? theft risk.
superseded (4)
if the key is old, why spend more funds to it? better to sweep to the new key
cessationOfOperation (5)
if life of cert ends early, sweep to spending wallet and use funds to throw closing party for your staff
certificateHold (6)
possible use of 'reverse' payments?
an additional lookup of transactions matching the payout address could 'hold' certificate?
removeFromCRL (8 )
remove from blockchain? heh. good luck.
privilegeWithdrawn (9)
another possible use of reverse payments - signer sends token to address, 'poisoning' it?
AACompromise (10)
attribute authority (?) -- poorly understood measure in CRL. not sure how applies over reason 2.
I do like the idea of payments to a key you control to trigger some condition.
Additionally, where issuer != subject, you implicitly have the public key of the signer; payments from this address could trigger an additional event.
I am also experimenting with altcoin based UTXOC;
you could have a hierarchy of altcoin based certs - one can share the same public key, which encodes as different addresses and transactions on respective chains; or even denotes a particular kind of event.
ie: if the 'CA' transfers dogecoin from its subject public key (coin address) in its root (which itself is actually a bitcoin UTXOC) this could mean any of the 'CA' specified revocation reasons above?